Advisories : Vulnerability in CamShot server (Authorization)

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Vulnerability in CamShot server (Authorization)

Title:	Vulnerability in CamShot server (Authorization)
Released by:	SecuriTeam
Date:	15th September 2000
Printable version:	Click here

Vulnerability in CamShot server (Authorization)

----------------------------------------------------------------------------







SUMMARY



CamShot is a web server that serves up web pages containing time stamped

images captured from a video camera. This product contains a remotely

exploitable security vulnerability that allows a remote attacker to gain

elevated privileges on the remote system.



DETAILS



Vulnerable Versions:

CamShot 2.6 trial version ( <http://broadgun.com/camsht26.exe> )



Example:



GET / HTTP/1.1

Authorization: Basic ['a'x325]



Since the server crashes in a way that enables attackers to execute

arbitrary code, this vulnerability is quite dangerous.



Vendor:

Vendor has been contacted Saturday, August 26, 2000. No response has been

received.





ADDITIONAL INFORMATION



The security hole was discovered by   Beyond

Security's SecuriTeam.





====================

DISCLAIMER:

The information in this bulletin is provided "AS IS" without warranty of any

kind.

In no event shall we be liable for any damages whatsoever including direct,

indirect, incidental, consequential, loss of business profits or special

damages.

====================